Cart

    Sorry, we could not find any results for your search querry.

    Restricting Remote Desktop access using group policies

    Within a Windows domain/Active Directory environment, it is desirable to restrict access to remote desktop servers to specific users and groups. Microsoft offers various options with which you can restrict remote desktop access, of which you will find an overview in our article 'restricting Remote Desktop access'.

    In this tutorial, we will show you how to use group policies to prohibit users and/or groups from accessing remote desktop in an Active Directory environment.

     

    Step 1

    Connect via remote desktop or the VPS console as domain administrator to your remote desktop server.


     

    Step 2

    Click the Windows Start button and search for 'gpedit'. Click 'Edit group policy' in the results.

    windows start gpedit


     

    Step 3

    In the left menu, expand the following options: Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.

    Then double click 'Deny logon through Remote Desktop Services'.

    local group policy editor user rights assignment deny rdp


     

    Step 4

    Click 'Add User or Group...', search for the user or group you want to deny remote desktop access to, then click 'OK'. The easiest way is to use a group and add users to it who are not allowed to access Remote Desktop. Have you not yet created a group for this? Then do so first with the help of our Active Directory User and Group management manual.

    select users computers etc no rds group

    Click 'Apply' and 'OK' to apply the change.

    deny rdp log on add group


     

    Step 5

    Press the Windows Start button, type 'Powershell' and right click Windows Powershell and select 'Run as administrator'.

    windows start powershell runasadmin


     

    Step 6

    Use the following command to apply the policy change:

    gpupdate /force

    Group policy updates are periodically made to your servers. To apply this change immediately, repeat steps 5 and 6 on the servers on which you want to restrict RDP access.

    This brings us to the end of this guide on restricting RDS access via group policies.

    Need help?

    Receive personal support from our supporters

    Contact us